Greylisting settings

The Enable Greylisting function activates a feature that protects users from spam using the following technique: The transport agent will send a “temporarily reject” SMTP return value (default is 451/4.7.1) for any received email that is not from a recognized sender. A legitimate server will try to resend the message after a delay. Spam servers will typically not attempt to resend the message, as they usually go through thousands of email addresses and do not waste time resending. Greylisting is an additional layer of Antispam protection, and does not have any effect on the spam evaluation capabilities of the Antispam module.

When evaluating the message source, the Greylisting method takes into account the Approved IP list, the Ignored IP list, Safe Senders and the Allow IP lists on the Exchange server as well as Antispam bypass settings for the recipient mailbox. Emails from these IP addresses/senders lists or emails delivered to a mailbox that has the Antispam bypass option enabled will be bypassed by the Greylisting detection method.

Use only domain part of sender address

Ignores sender's name in the email address; only domain is taken into account.

Synchronize greylisting databases across the ESET cluster

Greylisting database entries are shared in real time between the servers in ESET cluster. When on one of the servers receives a message that is processed by greylisting, this information is broadcast by ESET Mail Security over to the rest of the nodes in ESET cluster.

Time limit for the initial connection denial (min.)

When a message is delivered for the first time and temporarily refused, this parameter defines the time period during which the message will always be refused (measured from the first refusal). After the defined time period has elapsed, the message will be successfully received. The minimum value you can enter is 1 minute.

Unverified connections expiration time (hours)

This parameter defines the minimum time interval for which the triplet data will be stored. A valid server must resend a desired message before this period expires. This value must be greater than the value of Time limit for the initial connection denial.

Verified connections expiration time (days)

The minimum number of days for which the triplet information is stored, during which emails from a specific sender will be received without any delay. This value must be greater than the value of Unverified connections expiration time.

SMTP response (for temporarily denied connections)

Specify a Response code, Status code and Response message, which define the SMTP temporary denial response sent to the SMTP server if a message is refused. Example of a SMTP reject response message:

Response code

Status code

Response message



Please try again later


Incorrect syntax in SMTP response codes may lead to the malfunction of Greylisting protection. As a result, spam messages may be delivered to clients or messages may not be delivered at all.


You can also use system variables when defining the SMTP reject response.

All messages that have been evaluated using the greylisting method are recorded in the SMTP protection log.